Piotr Perzanowski | 4e3b228 | 2018-12-18 15:51:39 +0100 | [diff] [blame] | 1 | #! /usr/bin/env bash |
Piotr Perzanowski | 4e3b228 | 2018-12-18 15:51:39 +0100 | [diff] [blame] | 3 | # COPYRIGHT NOTICE STARTS HERE |
| 4 | # |
| 5 | # Copyright 2018 © Samsung Electronics Co., Ltd. |
| 6 | # |
| 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | # you may not use this file except in compliance with the License. |
| 9 | # You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, software |
| 14 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | # See the License for the specific language governing permissions and |
| 17 | # limitations under the License. |
| 18 | # |
| 19 | # COPYRIGHT NOTICE ENDS HERE |
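# Fail fast: abort on the first command that exits non-zero.
set -e

# OS check. /etc/os-release is sourced (executed as shell code) and is
# expected to define ID, which is copied into OS_ID for later use.
. /etc/os-release
OS_ID="${ID}"

# Only the distributions listed here are accepted; anything else stops the
# installation before any further step runs.
case "$OS_ID" in
    centos | rhel | ubuntu) ;;
    *)
        # Quoted so an unexpected ID value is printed verbatim instead of
        # being word-split or glob-expanded; diagnostics go to stderr.
        echo "This OS is not supported: $OS_ID" >&2
        exit 1
        ;;
esac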
# boilerplate
# Load the shared helper library unless a caller has already sourced it
# (signalled by IS_COMMON_FUNCTIONS_SOURCED=YES).
RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ]; then
    # Resolve the directory of this script to an absolute, symlink-free
    # path; the library is sourced from there, so whatever file sits at that
    # location runs with this script's privileges.
    SCRIPT_DIR=$(dirname "${0}")
    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
    . "${LOCAL_PATH}/${RELATIVE_PATH}/common-functions.sh"
fi
Piotr Perzanowski | 4e3b228 | 2018-12-18 15:51:39 +0100 | [diff] [blame] | 50 | # |
| 51 | # local functions |
| 52 | # |
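#######################################
# Start the Nexus container on its data directory and attach it to the
# 'nexus_network' docker network.
# Globals:   NEXUS_DATA (read) - host directory mounted at /nexus-data
# Outputs:   progress messages on stdout
# Returns:   exits the script with 'exit -3' (bash reports status 253) when
#            NEXUS_DATA is unset or empty
#######################################
start_nexus() {
    echo "** Starting nexus **"
    if [[ -z "$NEXUS_DATA" ]]; then
        echo "Nexus data env is not set"
        exit -3
    fi

    # valid for case of fresh nexus deployment
    # data are inserted in later phases
    mkdir -p -- "$NEXUS_DATA"
    # hardening: ownership is handed to uid/gid 200 below (presumably the
    # user the container runs as - confirm against the image), so only the
    # owner needs write access. The former 'a+wrX' made the repository data
    # world-writable on the host, letting any local account alter the
    # artifacts Nexus serves.
    chmod u+rwX,go+rX,go-w -- "$NEXUS_DATA"
    chown -R 200:200 -- "$NEXUS_DATA"

    # Best effort: remove a container left over from an earlier run.
    docker rm -f nexus 1> /dev/null 2>&1 || true

    # NOTE(review): the image is referenced without a tag or digest, so
    # docker resolves whatever 'latest' is present locally (or pulls it if
    # the image is missing and a registry is reachable). Pinning a digest
    # would make the deployed image verifiable.
    docker run -d --name nexus \
        --restart unless-stopped \
        -v "$NEXUS_DATA:/nexus-data:rw" \
        sonatype/nexus3

    echo "** Creating docker network **"
    # Create the network only when it is missing, so a repeated run does not
    # fail on an already existing 'nexus_network'.
    docker network inspect nexus_network > /dev/null 2>&1 \
        || docker network create nexus_network
    docker network connect nexus_network nexus
}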
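#######################################
# Start the nginx reverse proxy container on 'nexus_network'.
# Globals:   NGINX_HTTP_DIR, GEN_CFG_PATH, CERTS_TARGET_PATH, GIT_REPOS,
#            NGINX_LOG_DIR, RHEL_REPO (all read) - host paths bind-mounted
#            into the container
# Outputs:   progress message on stdout
#######################################
start_nginx() {
    echo "** Starting reverse proxy - nginx **"

    # Best effort: remove a container left over from an earlier run.
    docker rm -f nginx 1> /dev/null 2>&1 || true

    # Mount point for the $RHEL_REPO volume, which is nested inside the
    # read-only /srv/http mount below. (The original created this directory
    # twice, once with the path unquoted.)
    mkdir -p -- "$NGINX_HTTP_DIR/repo.install-server"

    # Every host path is quoted so a value containing spaces or glob
    # characters stays a single -v argument.
    # The -p options name no host address, so docker's default bind address
    # applies (all interfaces unless the daemon is configured otherwise).
    # NOTE(review): the certificate directory is mounted read-only; confirm
    # it holds only what nginx needs and not the root CA private key.
    docker run -d -p 80:80 -p 443:443 -p 10001:443 \
        --name nginx \
        --network nexus_network \
        -v "$GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro" \
        -v "$CERTS_TARGET_PATH:/etc/nginx/certs:ro" \
        -v "$GIT_REPOS:/srv/git:rw" \
        -v "$NGINX_LOG_DIR:/var/log/nginx:rw" \
        -v "$NGINX_HTTP_DIR:/srv/http:ro" \
        -v "$RHEL_REPO:/srv/http/repo.install-server:ro" \
        --restart unless-stopped \
        own_nginx
}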
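#######################################
# Copy one certificate config template into the generated-config directory.
# Globals:   APROJECT_DIR (read), GEN_CFG_PATH (read)
# Arguments: $1 - file name below $APROJECT_DIR/cfg
#######################################
patch_cert() {
    # 'local' keeps the name from leaking into the global scope of the
    # sourcing script.
    local file=$1
    cp -- "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file"
    # Disabled substitutions kept for reference. If they are re-enabled they
    # must be combined into one sed invocation: each line below redirects to
    # the same target and would overwrite the previous result. The CERT_*
    # values would also need escaping before being placed in a sed
    # replacement.
    # sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
    # sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
    # sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
}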
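#######################################
# Generate the certificate and nginx config files in $GEN_CFG_PATH from the
# templates in $APROJECT_DIR/cfg, replacing the placeholder host name
# 'nexus.student12' with $NEXUS_FQDN.
# Globals:   APROJECT_DIR (read), GEN_CFG_PATH (read), NEXUS_FQDN (read)
#######################################
patch_conf_files() {
    local fqdn_escaped

    # patch nexus and root cert
    patch_cert nexus_cert.cnf
    patch_cert cacert.cnf

    # NEXUS_FQDN comes from configuration and lands in a sed replacement,
    # where '&', '\' and the '#' delimiter are special. Escape them so the
    # value is inserted literally and cannot alter the sed command.
    fqdn_escaped=$(printf '%s' "$NEXUS_FQDN" | sed 's/[&#\\]/\\&/g')

    # The dot in the placeholder is escaped so only the literal host name
    # matches. Without a 'g' flag only the first occurrence on each line is
    # replaced, as before.

    # patch nexus v3 ext cert
    sed "s#nexus\.student12#$fqdn_escaped#" "$APROJECT_DIR/cfg/v3.ext" > "$GEN_CFG_PATH/v3.ext"

    #patch nginx.conf
    sed "s#nexus\.student12#$fqdn_escaped#" "$APROJECT_DIR/cfg/nginx.conf" > "$GEN_CFG_PATH/nginx.conf"
}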
Piotr Perzanowski | 4e3b228 | 2018-12-18 15:51:39 +0100 | [diff] [blame] | 121 | # |
| 122 | # body |
| 123 | # |
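message info "Nexus will be installed into this directory: $(pwd)"

# No local_repo.conf in the current directory: give the operator a chance
# to abort before anything is changed.
if ! [ -f ./local_repo.conf ]; then
    printf "[?] > Do you want continue? (if no, hit CTRL+C): "
    # The answer itself is not used; -r stops backslashes being interpreted.
    read -r _
fi

message info "Reading configuration"
get_configuration

mkdir -p "$CERTS_TARGET_PATH"
mkdir -p "$NGINX_LOG_DIR"
mkdir -p "$GEN_CFG_PATH"
if [ "$IS_SELF_EXTRACT" = YES ]; then
    message info "Now I will untar the resources"
    message info "This may take a long time..."
    sleep 3s
    may_self_extract
fi

#
echo "Cleanup docker (if installed)"
# Best effort: docker may not be installed yet, so failures are ignored.
docker rm -f nginx 1> /dev/null 2>&1 || true
docker rm -f nexus 1> /dev/null 2>&1 || true

install_files
install_packages "$OS_ID"
setup_vnc_server

update_hosts

# TODO
#check_dependencies

echo "Restarting dnsmasq"
# TODO dnsmasq config?
systemctl enable dnsmasq
systemctl restart dnsmasq

echo "** Generating config files to $GEN_CFG_PATH **"
echo "Configure ssl certificates"

patch_conf_files
create_root_CA

# create selfinstall CA cert
"$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh"
# run generated file
# NOTE(review): this runs ./install_cacert.sh from the current working
# directory, presumably written there by the step above - confirm. The
# directory must not be writable by other users, or the file could be
# replaced before it is executed with this script's privileges.
./install_cacert.sh

create_cert "nexus"

echo "** Certificates finished **"

update_docker_cfg

echo "Restarting docker"
systemctl enable docker
systemctl restart docker

update_firewall

# From here on errors no longer abort the script.
set +e

echo "** Loading images **"
# With fail-fast switched off, a failed load would pass unnoticed and
# 'docker run' would then look for the image elsewhere (an existing local
# copy or, when a registry is reachable, a pull of an unverified 'latest').
# Report the failure instead of staying silent; the run still continues.
docker load -i "$RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar" \
    || echo "WARNING: loading sonatype_nexus3_latest.tar failed" >&2
docker load -i "$RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar" \
    || echo "WARNING: loading own_nginx_latest.tar failed" >&2

start_nexus
start_nginx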